FortiGate
HarveyRebelo
Staff
Article Id 326582

Description

 

This article describes an IPsec dial-up VPN connection issue with FortiClient (free and paid versions) and how to fix it.

 

Scope

 

FortiGate v7, v7.2, v7.4, FortiClient 7.2.9 and 7.4.

 

Solution

 

  1. After the IPsec dial-up VPN is configured successfully and the same DH groups are set on FortiClient, the negotiation fails.

 


 

  2. To mitigate this issue, specify only one DH group in the IPsec VPN configuration on FortiGate (it does not matter whether DH group 14 or 5 is used; any should work).
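To find dial-up tunnels that still list more than one DH group, a FortiGate configuration backup can be checked offline. The script below is an added example, not part of the original article or Fortinet's own tooling; the sample configuration and tunnel names are constructed.

```python
import re

# Constructed sample in FortiOS CLI syntax; tunnel names are hypothetical.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "dialup-users"
        set type dynamic
        set dhgrp 14 5
    next
    edit "dialup-fixed"
        set type dynamic
        set dhgrp 14
    next
    edit "site-to-site"
        set dhgrp 14 5
    next
end
"""

def dialup_dh_groups(config_text):
    """Map each dial-up (type dynamic) phase1 tunnel to its listed DH groups."""
    result, name, settings = {}, None, {}
    depth = 0  # 0 outside the section, 1 inside it, >1 in a nested sub-table
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config vpn ipsec phase1-interface":
                depth = 1
        elif line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            name, settings = m.group(1), {}
        elif depth == 1 and name and line.startswith("set "):
            key, *values = line.split()[1:]
            settings[key] = values
        elif depth == 1 and name and line == "next":
            if settings.get("type") == ["dynamic"]:
                result[name] = settings.get("dhgrp", [])
            name = None
    return result

def needs_single_dh_group(config_text):
    """Dial-up tunnels that do not pin exactly one DH group (none listed = default applies)."""
    return sorted(n for n, g in dialup_dh_groups(config_text).items() if len(g) != 1)

if __name__ == "__main__":
    print(needs_single_dh_group(SAMPLE_CONFIG))
```

A tunnel with no `set dhgrp` line in the backup is flagged as well, because settings left at their default value are not written to a plain backup and need to be checked on the device.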

 
